iOS 4.1 Security Flaw Allows You to Bypass Lock Screen to Access Phone App

Start an “emergency call” to a bogus number like “###”, then quickly hit the lock button atop the iPhone — boom, you’ve got full access to the Phone app, including call history and voicemail.

Oddly, or at least coincidentally, it seems to be fixed in iOS 4.2 beta 3 — I can’t reproduce this on my iPhone with 4.2b3 installed, but can on another iPhone with 4.1. Also odd is how similar the exploit is to this one from two years ago — which was also discovered by a MacRumors forum poster. You’d think Apple would have given iOS’s emergency-call-while-locked code a more thorough audit — the thing only has two non-volume hardware buttons, and both of them have now been found to allow the lock screen to be bypassed.

Monday, 25 October 2010

Ads via The Deck Ads via The Deck